@babel/helper-module-transforms

Babel helper functions for implementing ES6 module transformations

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): jlhwung and nicolo-ribaudo are both recognized Babel core team members; publisher rotation within the Babel team is expected and not a security concern for this package.	ai	2026/04/22
dependencies	unvetted-dep:@babel/helper-module-imports	AI (dependencies): @babel/helper-module-imports is a core Babel monorepo package and a well-known, legitimate dependency of this helper. Stable false positive for this package.	ai	2026/04/22
dependencies	unvetted-dep:@babel/traverse	AI (dependencies): @babel/traverse is a core Babel monorepo package and a well-known, legitimate dependency of this helper. Stable false positive for this package.	ai	2026/04/22
provenance	missing-githead	AI (provenance): Babel monorepo publish pipeline change; missing gitHead is a process artifact, not a security signal, for this well-established package.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): developit (Jason Miller) stepping back from Babel is a well-known, publicly documented team change, not a suspicious removal.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): New deps (@babel/traverse, @babel/helper-validator-identifier) are first-party Babel packages from the same publisher team; not a third-party supply chain risk.	ai	2026/04/22
maintainer-change	maintainer-added	AI (maintainer-change): jlhwung is a known Babel contributor; addition is a legitimate team expansion for the Babel project, not a suspicious takeover.	ai	2026/04/22
bogus-package	bogus-package	AI (bogus-package): loganfsmyth and hzoo are Babel project founders, not spam publishers. This is a stable false positive for the @babel/* namespace.	ai	2026/04/22
provenance	no-provenance	AI (provenance): Already marked accepted risk; Babel monorepo packages historically published without Sigstore provenance.	ai	2026/04/21

Versions (showing 51 of 76)

Show 5 prereleases View all versions

Version	Deps	Published
7.29.7	3 / 1	2026-05-25
7.28.6	3 / 1	2026-01-12
7.28.3	3 / 1	2025-08-14
7.27.3	3 / 1	2025-05-27
7.27.1	3 / 1	2025-04-30
7.26.0	3 / 1	2024-10-25
7.25.9	4 / 1	2024-10-22
7.25.7	4 / 1	2024-10-02
7.25.2	4 / 1	2024-07-30
7.25.0	4 / 1	2024-07-26
7.24.9	5 / 1	2024-07-15
7.24.8	5 / 1	2024-07-11
7.24.7	5 / 1	2024-06-05
7.24.6	5 / 2	2024-05-24
7.24.5	5 / 2	2024-04-29
7.23.3	5 / 2	2023-11-09
7.23.0	5 / 2	2023-09-25
7.22.20	5 / 2	2023-09-16
7.22.19	5 / 2	2023-09-14
7.22.18	5 / 2	2023-09-14
7.22.17	5 / 2	2023-09-08
7.22.15	5 / 2	2023-09-04
7.22.9	5 / 2	2023-07-12
7.22.5	8 / 0	2023-06-08
7.22.1	8 / 0	2023-05-26
7.22.0	8 / 0	2023-05-26
7.21.5	8 / 0	2023-04-28
7.21.2	8 / 0	2023-02-23
7.21.0	8 / 0	2023-02-20
7.20.11	8 / 0	2022-12-23
7.20.7	8 / 0	2022-12-22
7.20.2	8 / 0	2022-11-04
7.19.6	8 / 0	2022-10-20
7.19.0	8 / 0	2022-09-05
7.18.9	8 / 0	2022-07-18
7.18.8	8 / 0	2022-07-08
7.18.6	8 / 0	2022-06-27
7.18.0	8 / 0	2022-05-19
7.17.12	8 / 0	2022-05-16
7.17.7	8 / 0	2022-03-14
7.17.6	8 / 0	2022-02-21
7.16.7	8 / 0	2021-12-31
7.16.5	8 / 0	2021-12-13
7.16.0	8 / 0	2021-10-29
7.15.8	8 / 0	2021-10-06
7.15.7	8 / 0	2021-09-17
7.15.4	8 / 0	2021-09-02
7.15.0	8 / 0	2021-08-04
7.14.8	8 / 0	2021-07-20
7.14.5	8 / 0	2021-06-09
7.14.2	8 / 0	2021-05-12

v7.29.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.